DOCSLIB.ORG

The Security of Open Vs. Closed

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Security Now! Transcript of Episode #245 Page 1 of 22 Transcript of Episode #245 The Security of Open vs. Closed Description: After catching up on many interesting recent security events, Steve and Leo seriously examine the proven comparative security of open versus closed source and development software, and open versus closed execution platforms. What's really more secure? High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-245.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-245-lq.mp3 Leo Laporte: This is Security Now! with Steve Gibson, Episode 245 for April 22, 2010: Open vs. Closed Security. It's time for Security Now!, the show that covers everything you need to know about keeping yourself safe online. And the king of security is here, Mr. Steve Gibson, the man who discovered the first spyware, coined the term "spyware," wrote the first antispyware program. He's also the author of many useful security tools and the great SpinRite, the world's best hard drive and maintenance utility. And he's here from GRC.com to talk about security. Hey, Steve. Steve Gibson: And not for the first time, for the 245th time. Leo: I hate hearing those big numbers. They make me tired. I am tiring. So we're going to actually cover today something very interesting. A little more philosophical show than usual. Steve: Yes. And I'm - I think that's precisely it. Last week when I was talking about the iPad it generated a flurry of responses from our listeners and some confusion over in GRC's own Security Now! newsgroup with people who were sort of assuming that I meant something that I didn't mean. And it sort of - and I ended up putting together a careful posting, sort of in reply, to make it clear what it was that I meant, but also to be a little bit controversial, and I think defensibly so. And we've never really addressed front-on the issue of open vs. closed from a security standpoint. We've gone around and around about what's more secure, open source or closed source? And so I want to talk about that, and also about open platform vs. closed platform, which is where the iPad and iPhone and other devices come in. So this week is the security of open vs. closed. And a bunch of news. It has been a hopping week. Got all kinds of really interesting stuff. Security Now! Transcript of Episode #245 Page 2 of 22 Leo: It's such a great topic. Yeah, good. Yeah, there has been. I think, well, I can't wait to hear what your thoughts are on it. And I will participate in this because I'm very interested in this, yeah. Steve: I know you will. This'll be much more of a discussion between us. What I'm going to do is I'm going to - I've rewritten that original posting a bit for the podcast. So I'll lead in with reading what I wrote because I can't even paraphrase it as well as what I deliberately put down. And then we'll open it up to talk about it. Leo: Great. Shall we start with the security news? I bet there's a little bit to talk about. Steve: It was a hopping week, Leo. CBS did a report which was really rather scathing. You can find it on YouTube if you're curious. What they revealed in an investigative journalism piece was that nearly every digital copier sold since 2002, so that's the past eight years, contains a hard disk drive which, for reasons that surpass understanding, maintains an image of every document that the machine has scanned or faxed for you. And these machines are often leased by companies for some period of time. When the lease is up, they want the newer model. Leo: Right. Steve: So some guy comes in and wheels in the new one and wheels out the old one. The old one goes into a warehouse. And this CBS story showed a warehouse containing thousands of sort of wrapped-in-plastic, sort of shrink-wrapped copiers. At the time the story was being done, two large containers, as in shipping containers that go on huge transatlantic ships... Leo: Oh, the freighters, yeah, yeah, yeah. Steve: Yeah. Two of those huge containers were being filled up with copiers, headed for Argentina and Singapore. Now, the investigators purchased for, I think it was maybe three or $400 each, four of these used copiers and took them to a forensics guy, who used freely available software, opened them up, took out the hard drives. And they found literally tens of thousands of documents. One of the copiers had been in a police station for the duration of its life, where it had scanned police records, driver's licenses, tax receipts, tax records, I mean, the list of documents that they recovered was mindboggling. One of the other of the four copiers had been at a health insurance company for its duration, where they recovered all the documents that the scanner had seen, which for some reason were stored dutifully on this hard drive. And they found reams of personally identifiable information, medical records, health records, social security numbers, I mean, everything you can imagine. And so here was four randomly sampled copiers out of a huge warehouse. One of the employees during this story said, "Oh, yeah, we're getting copiers in all the time." And they said, "Well, where are those two containers going?" "Oh, one's off to Argentina, and Security Now! Transcript of Episode #245 Page 3 of 22 one's off to Singapore. They buy our used copiers." Leo: Hard drive and all. Steve: Hard drive included. And one of the - I guess it might have been - it was someone, I think it was from Canon, was interviewed, one of the executives, who explained that, oh, well, yeah, we tell people, you know, that their documents are being stored in this thing. And for an extra $500 there's an encryption option. But apparently not everyone gets that. And it's not even clear what it would do or how it would work. And frankly, I'm mystified by what function it is that requires a digital copier to store documents. Leo: Well, you could see there'd be short-term storage, maybe because it speeds up the scan, scans it in. Steve: Well, exactly. And then you want, like, okay, we need 20 copies of this. So you feed it in once, it stores it on the hard drive, and then it dumps it out to its little, essentially a laser printer that's built into this thing. But have them expire after a day or after an hour. I mean, what's the point of storing every document you've ever scanned? And are they accessible through the control panel? I've not seen where you're able to somehow browse through past documents. Leo: It's bizarre. Steve: That would be an obvious security and privacy concern. So it's like this thing is hiding these documents for some reason. And anyway, so... Leo: What about, like, Kinko's? If you use a public... Steve: Yeah. Leo: ...copy place, presumably that's all being stored, as well. Steve: Yeah, I mean, I can't say one way or the other which technology does or doesn't. But, I mean, this seems to be a huge, unrecognized privacy problem where these copiers really do need to have their hard drives scrubbed before they leave, and of course that would kill the copier. So the idea is, when your lease is up, you don't want to... Leo: Scrub. Steve: Well, yeah, you can't kill the function of the copier. Presumably, if you did run DBAN or something against the drive... Security Now! Transcript of Episode #245 Page 4 of 22 Leo: Oh, I see, yeah. Steve: ...it would render the copier nonfunctional. It probably boots off that hard drive, as well. So... Leo: What's a digital copier? What is - how would you, I mean, how would you know if you had a digital copier? What is that? Steve: It's probably any recent copier which is running a scanner and is able to do fancy things, like resize or duplex or uncollate, all those different things. You're going to have to store the scanned images somewhere. Clearly they're not storing it in RAM any longer. They're putting it on a hard drive. So, I mean, I would imagine that - and in the story I recognized these as WD hard drives, which are well known for many years as being very inexpensive in large OEM quantities. And so I could see the label on the drive going, oh, yeah, it's a WD hard drive, Western Digital. And those are in copiers, apparently. That's just the way they operate now. [Indiscernible] red flag. Leo: That's very interesting. Very interesting. Steve: In other disturbing news, Slashdot picked up a story from a security researcher, Kurt, I guess it's Seifried, who writes for Linux Magazine. He was curious in light of all of this recent flurry of concern over the security of certificates. He was wondering how difficult it was to obtain certificates for webmail systems because he realized that determining the identity of the person asking for a certificate is the remaining real problem with the whole certificate authority process.
Recommended publications
  • Netflix Security Requirements for Android Platforms Version 1.0 December 6, 2010

    Netflix Security Requirements for Android Platforms Version 1.0 December 6, 2010

    Netflix Security Requirements for Android Platforms Version 1.0 December 6, 2010 Netflix Confidential Overall Security Philosophy • Netflix and Partners are working together to create a market for connected platforms and services • For long-term success, this requires a healthy and secure ecosystem – Based on best practices – Transparency between content, service, and platform partners – Proactive cooperation, rapid response • Our mutual success depends on it – Breaches hurt everyone Netflix Confidential Typical Studio Requirements • Platforms must meet agreed-upon robustness specifications (Netflix Robustness Rules, DRM providers’ robustness rules) • Platform partners must submit sample products and security documentation to Netflix for certification. – Netflix must review documentation and assess compliance with robustness specifications • If a platform is breached, Netflix or partner may be required to revoke individual or class of platforms. • In case of extended breach or platform non-compliance, studio has option to suspend availability of content to the Netflix service. – Such action would adversely affect all platforms and all Netflix subscribers. Netflix Confidential Android vs. Studio Requirements • Most Android platforms have been “rooted” – yields full control of system – history suggests this problem will not go away • Once rooting occurs, Linux security model is insufficient to protect content -related assets • Without modification, these platforms do not allow Netflix to meet contractual obligations to studios • We are aggressively working with partners to address this vulnerability Netflix Confidential High-Level Platform Security Concerns • Content Protection – DRM keys – Content keys – AV content • Application Security – Application keys – Access to Netflix APIs & functionality – Non-modifiability – Non-migrateability Netflix Confidential Content Protection: DRM Keys • Group key – typically provisioned in manufacturing – one key for entire class of devices (e.g.
  • Structuring the Smartphone Industry: Is the Mobile Internet OS Platform the Key?

    Structuring the Smartphone Industry: Is the Mobile Internet OS Platform the Key?

    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Kenney, Martin; Pon, Bryan Working Paper Structuring the smartphone industry: Is the mobile internet OS platform the key? ETLA Discussion Papers, No. 1238 Provided in Cooperation with: The Research Institute of the Finnish Economy (ETLA), Helsinki Suggested Citation: Kenney, Martin; Pon, Bryan (2011) : Structuring the smartphone industry: Is the mobile internet OS platform the key?, ETLA Discussion Papers, No. 1238, The Research Institute of the Finnish Economy (ETLA), Helsinki This Version is available at: http://hdl.handle.net/10419/44498 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen
  • Internet of Nano-Things, Things and Everything: Future Growth Trends

    Internet of Nano-Things, Things and Everything: Future Growth Trends

    future internet Review Internet of Nano-Things, Things and Everything: Future Growth Trends Mahdi H. Miraz 1 ID , Maaruf Ali 2, Peter S. Excell 3,* and Richard Picking 3 1 Centre for Financial Regulation and Economic Development (CFRED), The Chinese University of Hong Kong, Sha Tin, Hong Kong, China; [email protected] 2 International Association of Educators and Researchers (IAER), Kemp House, 160 City Road, London EC1V 2NX, UK; [email protected] 3 Faculty of Art, Science and Technology, Wrexham Glyndwrˆ University, Wrexham LL11 2AW, UK; [email protected] * Correspondence: [email protected]; Tel.: +44-797-480-6644 Received: 22 June 2018; Accepted: 25 July 2018; Published: 28 July 2018 Abstract: The current statuses and future promises of the Internet of Things (IoT), Internet of Everything (IoE) and Internet of Nano-Things (IoNT) are extensively reviewed and a summarized survey is presented. The analysis clearly distinguishes between IoT and IoE, which are wrongly considered to be the same by many commentators. After evaluating the current trends of advancement in the fields of IoT, IoE and IoNT, this paper identifies the 21 most significant current and future challenges as well as scenarios for the possible future expansion of their applications. Despite possible negative aspects of these developments, there are grounds for general optimism about the coming technologies. Certainly, many tedious tasks can be taken over by IoT devices. However, the dangers of criminal and other nefarious activities, plus those of hardware and software errors, pose major challenges that are a priority for further research. Major specific priority issues for research are identified.
  • Id, Conf 20Xx

    Id, Conf 20Xx

    ID, CONF 20XX - Where is the policy enforced? -- When is the policy imposed? -- What is protected by the policy? (fine grained) -- What is protected by the policy? (coarse grained) -- Requirements of the person applying the sandbox -- Requirements of the application -- Security Policy Type -- Policy enforcements place in kill chain -- Policy Management -- Policy Construction -- Validation Claim -- Validation -- KCoFI, Oakland 2014 - Where is the policy enforced? -- System: “KCoFI protects commodity operating systems from classical control- flow hijack attacks, return-to-user attacks, and code segment modification attacks.” When is the policy imposed? -- Hybrid: “KCoFI has several unique requirements. First, it must instrument commodity OS kernel code; existing CFI enforcement mechanisms use either compiler or binary instrumentation [4], [10], [18]. Second, KCoFI must understand how and when OS kernel code interacts with the hardware. For example, it must understand when the OS is modifying hardware page tables in order to prevent errors like writeable and executable memory. Third, KCoFI must be able to control modification of interrupted program state in order to prevent ret2usr attacks.” What is protected by the policy? (fine grained) -- Code instructions: See Where is the policy enforced? What is protected by the policy? (coarse grained) -- System Level Component: See Where is the policy enforced? Requirements of the person applying the sandbox -- Install a tool: “The SVA-OS instructions described later in this section are implemented as a run-time library that is linked into the kernel.” Requirements of the application -- Use special compiler: “All software, including the operating system and/or hypervisor, is compiled to the virtual instruction set that SVA provides.” Requirements of the application -- Use sandbox as framework/library: “Because the operating system must interface with the hardware via the SVA-OS instructions, it must be ported to the SVA virtual instruction set.
  • Jungledocs Documentation Release V1.0.1

    Jungledocs Documentation Release V1.0.1

    jungledocs Documentation Release v1.0.1 Sarah Scott Jul 24, 2017 Table Of Contents 1 What Is Jungle Disk? 1 1.1 Backup Solutions.............................................1 2 Setting Up Jungle Disk 3 2.1 System Requirements..........................................3 2.2 Installation................................................4 2.3 Administrator Setup...........................................7 3 Introduction to the Jungle Disk Client 13 3.1 Agent................................................... 13 3.2 Activity Monitor............................................. 18 3.3 Application Settings........................................... 20 3.4 Settings File............................................... 28 4 Backup Solutions 31 4.1 Network Drive.............................................. 31 4.2 Backup Vault............................................... 32 5 The Network Drive 33 5.1 Network Drive.............................................. 35 5.2 Local Drive Mapping........................................... 37 5.3 Previous Versions............................................ 39 6 Simple Backup 43 6.1 Simple Backup.............................................. 44 6.2 Backup Job................................................ 45 7 The Backup Vault 51 7.1 Backup Vault............................................... 54 7.2 Backup Job................................................ 54 7.3 Previous Versions............................................ 59 8 How Does The Backup Process Work? 61 8.1 Data De-Duplication..........................................
  • August 2009 Volume 34 Number 4

    August 2009 Volume 34 Number 4

    AUGUST 2009 VOLUME 34 NUMBER 4 OPINION Musings 2 Rik Farrow FILE SYSTEMS Cumulus: Filesystem Backup to the Cloud 7 Michael VR able, SteFan SaVage, and geoffrey M. VoelkeR THE USENIX MAGAZINE PROGRAMMinG Rethinking Browser Performance 14 leo MeyeRoVich Programming Video Cards for ­Database Applications 21 tiM kaldewey SECURITY Malware to Crimeware: How Far Have They Gone, and How Do We Catch Up? 35 daVid dittRich HARDWARE A Home-Built NTP Appliance 45 Rudi Van dRunen CoLUMns Practical Perl Tools: Scratch the ­Webapp Itch with CGI::Application, Part 1 56 daVid n. blank-edelMan Pete’s All Things Sun: T Servers—Why, and Why Not 61 PeteR baeR galVin iVoyeur: Who Invited the Salesmen? 67 daVe JoSePhSen /dev/random 71 RobeRt g. Ferrell BooK REVIEWS Book Reviews 74 elizabeth zwicky et al. USEniX NOTES USENIX Lifetime Achievement Award 78 STUG Award 79 USENIX Association Financial Report for 2008 79 ellie young Writing for ;login: 83 ConfERENCES NSDI ’09 Reports 84 Report on the 8th International Workshop on Peer-to-Peer Systems (IPTPS ’09) 97 Report on the First USENIX Workshop on Hot Topics in Parallelism (HotPar ’09) 99 Report on the 12th Workshop on Hot Topics in Operating Systems (HotOS XII) 109 The Advanced Computing Systems Association aug09covers.indd 1 7.13.09 9:21:47 AM Upcoming Events 22n d ACM Sy M p o S i u M o n op e r A t i n g Sy S t e ms 7t H uSENIX Sy M p o S i u M o n ne t w o r k e d Sy S t e ms prinCipleS (SoSp ’09) de S i g n A n d iM p l e M e n t A t i o n (nSDI ’10) Sponsored by ACM SIGOPS in cooperation with USENIX Sponsored
  • Closed Systems” an An�Trust Problem?

    Closed Systems” an AnTrust Problem?

    Volume 7 I Number 1 I Spring 2011 Are “Closed Systems” an Antrust Problem? Hanno F. Kaiser Latham & Watkins LLP Published in Compeon Policy Internaonal (print ISSN 1554-0189, online Copyright © 2011 ISSN 1554-6853) Spring 2011, Vol. 7. No. 1. For more arcles and Compeon Policy Internaonal, I informaon, visit www.compeonpolicyinternaonal.com Inc. Are “Closed Systems” an Antitrust Problem? By Hanno F. Kaiser* losed computer systems have come under attack as harmful to freedom, Cinnovation, and competition. Open computer systems, in contrast, are said to promote such values. This article assesses the specific claim that closed sys- tems, compared to open systems, are inherently anticompetitive. It concludes that competition policy arguments against closed systems are at best inconclu- sive and that closed systems should not be put in an antitrust suspect class. *Partner, Latham & Watkins LLP, San Francisco. The views in this article are my own, so please do not impute them to my firm or my clients. This article is licensed under a Creative Commons Attribution 3.0 license. 91 Hanno F. Kaiser I. Civic and Economic Criticisms of “Closed Systems” In his influential book The Future of the Internet and How to Stop It1 Jonathan Zittrain argues that we are headed for a future in which general purpose comput- ers, which he calls “generative systems,” will be replaced by locked-down, teth- ered computing appliances:2 “The PC revolution was launched with PCs that invited innovation by oth- ers. So, too, with the Internet. Both were generative: they were designed to accept any contribution that followed a basic set of rules (either coded for a particular operating system, or respecting the protocols of the Internet.
  • Who Owns Your Conversations?

    Who Owns Your Conversations?

    Who owns your conversations? We’re about to see a major shake-up in how people communicate within the workplace. It’s called Element. Element is the pioneer of Universal Secure Collaboration. The world has changed Now more than ever, organisations face challenges with people Element changes this. collaborating. Designed to provide a radical new way of messaging and collaborating, Internally and externally, they face an unmanaged mix of traditional, Element is for those who have woken up to the severe downsides out-of-date collaboration tools and consumer-grade messaging apps. inherent with traditional messaging and collaboration tools and saves This leaves organisations with data strewn across multiple services, them from: with little control or clarity about how the data is secured, managed, accessed or audited. Loss of data ownership These applications - like Microsoft Teams, Signal, Slack, Telegram, Walled garden apps hampering true, open collaboration WhatsApp and Zoom - operate on an overly centralised internet, which Flawed, obfuscated encryption leaves data vulnerable enables corporate and nation-state datamining and routine surveillance. The result? Individuals and organisations relinquish control of their data. The world has changed, it’s time to change with it 2 The need for decentralisation The endemic issues within traditional messaging and collaboration But decentralised is super-difficult and incredibly time-consuming. apps stem from centralisation. It’s why commercial firms, and most investors, have favoured centralised The centralised products and services and the now centralised, systems - they deliver a faster return. The downside, which end-users formerly, open internet puts too much power in too few hands, now feel, is their loss of control and privacy.
  • Voice Assistants Used on Smartphones

    Voice Assistants Used on Smartphones

    Voice Wars: Smart Speakers, Voice Assistants, and Strategies for Building a Successful Voice Ecosystem by Hans Wang B.S. Electrical Engineering and Computer Science University of California, Berkeley, 2009 SUBMITTED TO THE SYSTEM DESIGN AND MANAGEMENT PROGRAM IN PARTIAL FULLFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN ENGINEERING AND MANAGEMENT AT THE MASSACHUSETTS INSTITUTE OF TECHNOLOGY JUNE 2019 @2019 Hans Wang. All rights reserved. The author hereby grants to MIT permission to reproduce and to distribute publicly paper and electronic copies of this thesis document in whole or in part in any medium now known or hereafter created. Signature redacted- Signature of Author: System Design & Management Program ^ ^ A -May 10, 2019 Signature redactea Certified by: V Michael A.M. Davies Senior Lecturer, Integra d Design & Management Program Signature redacted Thesis Supervisor Certified by: t / Blade Kotelly Senior Lecturer, Bernard M. Gordon-MIT Engineering Leadership Program Thesis Supervisor Signature redacted Accepted by: f Joan Rubin OF TECHNOLOGY Executive Director, System Design & Management Program JUN 2 72019 LIBRARIES MCHIVES This page is intentionally left blank 2 Voice Wars: Smart Speakers, Voice Assistants, and Strategies for Building a Successful Voice Ecosystem by Hans Wang Submitted to the System Design and Management Program on May 10, 2019 in Partial Fulfillment of the Requirements for the Degree of Master of Science in Engineering and Management ABSTRACT In recent years, voice-powered digital assistants have exploded into the consumer mainstream as an important new form of human-computer interaction. Powered by dramatic improvements in speech recognition and artificial intelligence (Al) technologies over the last decade, digital voice assistants are now abundantly prevalent in modem consumer electronic devices ranging from mobile phones, to smart speakers, to wearables.
  • A Comparison of Inter-Organizational Business Models of Mobile App Stores: There Is More Than Open Vs

    A Comparison of Inter-Organizational Business Models of Mobile App Stores: There Is More Than Open Vs

    Journal of Theoretical and Applied Electronic Commerce Research This paper is available online at ISSN 0718–1876 Electronic Version www.jtaer.com VOL 6 / ISSUE 2 / AUGUST 2011 / 63-76 DOI: 10.4067/S0718-18762011000200007 © 2011 Universidad de Talca - Chile A Comparison of Inter-Organizational Business Models of Mobile App Stores: There is more than Open vs. Closed Roland M. Müller1, Björn Kijl2 and Josef K. J. Martens3 1 Berlin School of Economics and Law, Department of Information Systems, [email protected] University of Twente, School of Management and Governance, 2 [email protected], 3 [email protected] Received 16 January 2011; received in revised form 17 April 2011; accepted 18 May 2011 Abstract The purpose of this paper is to analyze the competition among mobile app stores for smart mobile media devices. Therefore, the business models of seven mobile app stores are analyzed with a special focus on Apple and Google. We use e3-value modelling – a formal business modelling technique – for analyzing the critical elements of these mobile ecosystems. The analysis of the app store ecosystems allows a differentiated view on the different strategies of the app store owners. Additionally, we look at the impact of network effects, economies of scale, platform differentiation, quality assurance, and transaction costs on the design of mobile application markets. This theoretical model allows a deeper discussion about the design choices and success factors in the different app store cases. Based on our analysis, we expect that the open versus closed models discussion becomes less relevant – so-called open platforms have closed aspects as well as the other way around – and that competitive differentiation and segmentation strategies will become increasingly critical in order to strengthen the competitive positioning of the different app store platforms.
  • IT Service Platforms: Their Value Creation Model and the Impact of Their Level of Openness on Their Adoption

    IT Service Platforms: Their Value Creation Model and the Impact of Their Level of Openness on Their Adoption

    Available online at www.sciencedirect.com ScienceDirect Procedia Computer Science 68 ( 2015 ) 173 – 187 HOLACONF - Cloud Forward: From Distributed to Complete Computing IT Service Platforms: Their Value Creation Model and the Impact of their Level of Openness on their Adoption Selam Abrham Gebregiorgisa, Jörn Altmanna* aTechnology Management, Economics, and Policy Program, Seoul Nationa University, Gwanak-Ro 1, Seoul 151-742, South-Korea Abstract Many IT service platforms (e.g., cloud computing platforms) are built as closed systems. They do not allow their customers to interoperate with other platforms or port their data to other platforms. As switching to a different system is costly, customers of a closed IT system can be considered locked in. Consequently, potential customers, who are aware of this lock-in issue, do not adopt cloud services. Opening up an IT service platform, however, reduces users’ concerns about lock-in and its associated switching cost. It is even predicted that an IT service platform gets more attractive, if it opens up. This paper validates this prediction by analyzing the level of openness (i.e., interoperability, portability, and usability) of cloud computing platforms on their adoption. For the validation, we develop a value creation model for IT service platforms. Based on this value creation model and a specification of requirements of open cloud computing platforms, the relationship between the openness of IT service platforms and the adoption of IT service platforms (i.e., attractiveness) is analyzed in detail. In particular, our results show that the level of openness plays a major role in the adoption of IT service platforms of emerging service providers.
  • Cross-Platform Development of Mobile Applications -Evaluation of the Phonegap Framework

    Cross-Platform Development of Mobile Applications -Evaluation of the Phonegap Framework

    Cross-platform development of mobile applications -Evaluation of the PhoneGap framework José Calla Guzmán Victor Cernea Bachelor thesis Computer Engineering CHALMERS UNIVERSITY OF TECHNOLOGY Department of Computer Science and Engineering Gothenburg 2012 Innehållet i detta häfte är skyddat enligt Lagen om upphovsrätt, 1960:729, och får inte reproduceras eller spridas i någon form utan medgivande av för fattaren. Förbudet gäller hela verket såväl som delar av verket och inkluderar lagring i elektroniska och magnetiska media, visning på bildskärm samt bandupptagning. José Calla Guzmán, Victor Cernea, Göteborg 2012 Abstract This thesis investigates the benefits and drawbacks of cross-platform mobile app development by developing a smartphone app using the PhoneGap framework. A web based thesis app is created for use on Android, iPhone and Windows Phone smartphones. The implementation of the app is based on a single codebase of the standard web development technologies - HTML, CSS and JavaScript. The application supports Android version 2.2 or later and for iOS version 4.2.1 or later is accepted. On Windows Phone the application is designed to be operational from version 7. The compatibility of the application on any tablets is not tested. The result will reveal problems that may encounter and notable issues that one must take in consideration when using the software development method of cross-platform. Sammanfattning Denna rapport utreder för- och nackdelar med plattformsoberoende mobilapputveckling genom att utveckla en smartphone app med PhoneGap-ramverket. En webbaserad konferensapp skapas för användning på Android, iPhone och Windows Phone smartphones. Implementationen av applikationen är byggd på en enda kodbas skriven i de vanliga webbutvecklingsspråken - HTML, CSS och JavaScript.